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(54) Software copying system 

(57) A software copying system which enables oop- 
yr^hted software recorded in a master storage medium 
(1 ; 60] to be copied to a user^ target storage medium 
(3; 40) In a legitin^te manner. A contents identifier read- 
ing unit (2) rrads out a software identffler (SIDI; DID] 
from Ifie master storage medium (1 ; GO), while a storage 
medium identifier reading unit (4) reads out a storage 
medium identifier QDk: Mid) from the targel storage 
medium (3; 40). The two identjfiers are then s^t to a 
central site (5) whid) manages licenses for the right to 
copy software products. At the central site (5), a signa- 
ture generating unit (6) pnxluc^ a first signature (CS) 
from those Identifiers and sends it back to the user's 
site, where a signature writing unit (7) writes the 
received signature Into the target storage medium (3; 
40). A s^nature generating/comparing unit (8) pro- 
duces a second signature (CSO out of the same IdentSI- 
ers as those sent to the central site (5), and compares It 
with the fust signature (CS) stored in the target storage 
medium (3; 40). A data copying unit (9) copies the sul> 
ject software data file from the master storage medium 
(1 ; 60) to the target storage medium (3; 40). only when 
the first and second signatures (OS, CSl coincide with 
each other. 
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Dosciiptlon 

BACKGROUND OF THE INVEISmON 

1. Field of the Invention 

The preseni imfention relatee to software copying 
systenre, and more epecificaOy, to a software copying 
system which enatsles (xipyrighted software to be dupli- 
cated in a user^ storage medium in a legHimate marb 
ner. 

g. Description of the Related Art 

A wide variety of software distribution methods 
have become available in recent years, and the con- 
ajmers can purchase software products which are 
stored in some borage media such as floppy disks, 
compact disc read-only memories (CD-ROMs), and 
semiconductor memories. TTiey can also buy some soft- 
ware products sold at on-line shops t>y downloading via 
networls. Most of such commercial software products, 
however, can be copied irrto other storage media easily. 
This means that they are exposed to the potential risic of 
illegal duplication, or software piracy, which has become 
a serious problem for copyrighted softwara 

As to the software distnlxition methods for compu- 
ter applications, dictionaries, audio and video data, etc., 
one of the conventlonal methods b to distribute them In 
a CD-ROM that is eiectronicaily locked by a protection 
key. When a user Is interested In a certain software 
product heAshe makes contact with a central ate that is 
dealing that product. The user then takes a necessary 
procedure to purchase It, and In turn receives a l«y per- 
taining to the product. By opening the protected soft- 
ware archive with that key, the user can finally install it 
into his/her system. 

Another method of software dtetribution uses a ¥vri- 
table storage medium that contains some license-spe- 
cific identif icatk)n infbrmatton burned in advance, which 
Infonnatlon Is managed at the central site tor licensing 
the right to copy their software pnxlucts. When trying to 
duplicate a software product recorded In a CD-ROM, a 
user or a retailer selEng the storage media will send 
their request to the central sha After foflowing some 
necessary procedures for purchasing tf^ subject soft- 
ware product, the requesting user or retailer receives 
Identrflcatbn Information Issued by the central sita The 
subject software product can be duplicated from the 
CD-ROM to the storage medium, only when the 
received identificatton information coincides with the 
license-specific kientification information recorded in 
tfie storage medium. 

But anyone can exscuXe or nmke access to the soft- 
ware, once It Is Installed into his/her local storage devtoe 
such as a hard drive. TTiis simply means that the 
Instaliad sofhivare still Is a subject of niegal dupUcation 
due to the lack of key protectfon. 

Furth^, in the aforementioned second method, the 



license-related identification intorrration should be con- 
trolled at the central site in ctose liaison with a factory 
where the storage media are manufactured. Another 
problem with the storage mecfia is that it is rec^ired to 
s handle two types of storage media In different ways for 
two distinct purposes: software copying and general 
use. 
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Taking the above into consideratkui, an object of 
the present invention is to provkle a software copying 
system which enables copyrighted data recorded in a 
master storage medium to be copied In a legitimate 
15 manner to a target storage medium that a user can read 
and write to. 

lb accomplish the above object, according to the 
present invention, there is provided a software copying 
system tor duplicating software recorded In a master 

20 Storage medium to a target storage medium in a legiti- 
mate manner. An authorized oopying process Is 
achieved through communications between an end 
users site that is requeuing a license of copying the 
software |3roduct and a central site tfwt manages the 

25 license. 

The software oopying system comprises the foDow- 
ing structural elements. Contents identifier reading 
means reads out a first identifier the master storage 
medium. This first Identifier is unk:|uely assigned to the 

30 software product recorded in the master storage 
medium. Storage medium Uentlfler reading means 
reads out a second klentifier from the target storage 
medium. TTils second Mentifier is unk^uely assigned to 
and recorded in the target storage medium. Signature 

35 generating means, which Is disposed at the central site, 
generates a first signature from the first Mentifier read 
out by the contents identifier reading mear« and the 
second identifier read by the storage medium identtfier 
reading means. TTiis fird signature serves as a certifi- 

40 cate of a license to copy the software product Signature 
writing means writes the first signature generated by the 
signature genmtting means into the target storage 
medium. For a vertficatton purpose, signature generat- 
ing/comparing means generates a second signature 

45 from the first kJentHler read out by the contents Identifier 
reading means and the secorvd identifier read out by the 
storage medium identifier reading meana The signa- 
ture generating/comparing means then compares the 
first ^nature stored in the target storage medium with 

BO the second signature. Data copying means retrieves the 
software product out of the master storage medium and 
writes the soflvyare product mto the target storage 
medium, when the first and second Identifiers turned 
out to be identtel as a result of the comparison per- 

55 formed by the signature generating/comparing means. 
To acconqslish the above object thm is also pro- 
vided a software copying method for dupOcating soft- 
ware recorded In a master storage medium to a target 
storage nnedium in a legitimate manner. This software 
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copying method comprises the following stepe. 

First a storage medum identifier uniquely assigned 
to the target storage medium and a contents identifier 
uniquely assigned to a ^ject datafOe are sent from an 
end user's site to a central site, together with a message e 
requesting a software license. Second, a fast certificate 
code is generated at the central site from the storage 
medium identifier and the contents identifier received 
from the end user site. JUs step Is accomplished 
through a signature generating process using a certSi- 
cation key that is managed at the central site. Third, an 
encrypted certification key Is generated at the central 
site by encrypting the certification key using a user loey. 
Fourth, the first certif teate code and the encrypted certi- 
fication key are sent from the central site to the end 
usert tite. Rtth. the first certificate code and the 
encrypted certtflcation key arrived at the end user's site 
from the central site is written into the target storage 
medium. Sixth, a decrypted certH Icatton key is obtained 
at the end usei's site by decrypting, using the user ioey, 
the encrypted certification key stored In the target stor- 
age medium. S€A/enth. a second certification code Is 
generated, for the purpose of verification at tiie end 
user^ site, by applying a signature generating process 
u^ng tiie decrypted certification key to the storage 
medium Identifier and tiie contents identifier. Eighth, the 
first certificate code stored In the target storage medium 
is compared with the second certificate code that is 
generated at the end user's dte. L^iy, the subject data 
file stored in the master storage medium is read out and 
written Into tiie target storage medium if the first and 
second oertif kate codes ooindde wHh each other. 

TTie above and other objects, features and advan- 
tages of the present Invention will become apF^rent 
from the following description when taken in conjunction 
with the accompanying drawings which illustrate a pre- 
ferred embodiment of tiie present invention by way of 
exampla 

BRIEF DESCRIPTION OF THE DRAWINQS 

FIG. 1 is a conceptual view of a software copying 
system according to the present invention; 
FIQ. 2 is a flowchart showing a software duplication 
process esoecuted by a software copying system in 
a first errbodimenl of the present Invention; 
FIQ. 3(A) is a diagram showing the structure of a 
CD-ROIM; 

FIQ. 3(B) is a diagram showing tiie structure of an 
MO disc; 

FIQ. 4 is a diagram sfiowing a procedure oF dupli- 
cating copyrighted »)ftware; 
FIQ. 5 Is a diagram shewing the structure of a typi- 
cal ^nature processor; 

FIG. 6 Is a diagram showing a procedure of exact- 
ing a duplicated software program; 
FIG. 7 Is a flowchart showing a software duplication 
process eo®cuted t>y a software copying system In 
a second embocfiment of the present invention; 



FIQ. 8 is a diagram showing a procure at tine cen- 
tral site; 

FIQ. 9 is a diagram showing a procedure at the end 
user*^ site; and 

FIG. 10 is a diagram showing a procedure of exe- 
cuting a duplicated software program. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

At the outset, the present Invention will be outlined 
witti reference to FIQ. 1, which shows a conceptual view 
of a software copying system accord^ to the present 
Invention, 

As seen In FiG. 1, the software copying system of 
tiie present invention oon^prises several elements 
described bekw. Contents identifier reading means 2 is 
a means for reading out a first klentifier stored In a mas- 
ter storage medium 1. This fbst identifier is uniquely 
ass^ned to each software product recorded In the mas- 
ter stofEige medium 1 . Storage medium identifier read- 
ing mear^ 4 reads out a second kJentifier stored In a 
target storage medium 3. This second identifier is 
uniquely assigned to the target storage medium 3. Sig- 
nature generating means 6, disposed at a central site 5 
that maroges licenses for software copying, generates 
a first signature from the first and second kJentiflers 
read out l>y the contents identifier reading means2 and 
storage medium identifier reacfing means 4, respec- 
tively The first signature sen^ as a certificate of a 
Hcense to copy the software product. Signature writing 
means 7 writes the first signature, which is generated lay 
tiie signature generating means 6, into tiie target stor- 
age medium 3. Signature generating/oomparing means 
8 produces a second dgnature from the first and sec- 
ond klentrfiers respectively read out by the contents 
klentrfler rradlng means 2 and storage medium Iderrti- 
f ier r^ing means 4. The signature genaiating/compar- 
ing means 8 (XMTtpares tiie first signature stored In the 
targ^ storage medium 3 witti tiie second signature ttiat 
is produced. Data copying means 9 retrieves the subject 
software product out of the master storage medium 1 
and writes it into the target storage medium 3, when tiie 
first and second slignatures turned out to be Identical as 
a result of the comparison performed by the s^nature 
generating/comparing mear% 8. 

The master storage medium 1 contains several 
commercial software products, to each of which a con- 
tents identifier is written. The target storage medium 3 
has an individual storage medium identifier which is 
written at the factory before shipment When a user 
selects a software product from among those in the 
master storage medium 1, the contents identifier read- 
ing means 2 retrieves a contents identifier correspond- 
ing to the selected software product, and ttien the 
storage medium kientlfler readlr^ means 4 reads out a 
storage medium identifier recorded in tiie target borage 
medium 3. Those two identifiers are trar^mitled to tiie 
central site 5 together with a purchase order message 
to request a license to copy tiie subject software prod- 
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uct At the oentret site 5, the signature generating 
nfieans 6 rec^ves tl\e cont&its identrfier and storage 
medium identifier and eends iDack to tire user a signa- 
ture that is generated from the received identifiers. This 
signature authorizes the i^r as a licensee having the 5 
right to ocpy the software product. Simultaneously with 
the Issue of Ihe signature, Ihe user is regislered in a 
user profile database at the central site 5, and a blUIng 
process is also invoked. 

At the user side, upon receqst of the signature sent 10 
from the signature generating means 6, the signature 
writing means 7 writes rt into the target storage medojm 
3. The fignature generatingtomparing means 8 then 
localiy generates a signature from tiie contents identifier 
retrieved by the contents identifier reading means 2 and is 
the storage medium identifier r^rieved by the storage 
medium Identifier reading means 4. Ihs signature gen- 
erating/comparing means 8 compares this signature 
with Ihe first-mentioned signature stored In the target 
storage medium 3. if the two signatures coincide with 20 
each other, tiie data copying means 9 retrieves the sub- 
ject software product which Is stored in encrypted form, 
from the master borage medium 1 and copies it into tiie 
target storage medium 3. The software now stored in 
the target storage medium 3, however, is not ready for ss 
execution because It is stiil encrypted. TTie user has to 
load it to the main memory of a special processor which 
decodes and executes tiie encrypted software. 

Next, a first embodiment of the present frrvention 
will be descnljed below witii reference to FIGS. 2 to 6. so 
TTie following eocplanatfon asaimes such a case that a 
certam copyrighted sctftware program cfistributed in a 
CD-ROM Is to be copied Into a magneto-optical (MO) 
disc. 

FIQ. 2 is a flowchart showing a software duplication ss 
process perlomied by tiie software ocpying system. To 
copy a program in a CD-ROM to an MO disc using tiie 
software copying system of ttie present Invention, it is 
necessary to fdlow tiie steps of: 

40 

[S1] The storage medium Identifier IDk recorded In 
the MO disc and tiie software identifier SIDi of tiie 
subject software program are sent to tiie central 
site which manages license for software copying. 
[S23 TTiis request for tiie software license Is proc- 4S 
essed at tiie central sfts, where a certificate code 
CS is generated from tiie storage medium identifier 
IDk and software identifier SIDI received from tiie 
end user site. The central site then sends back tiie 
certificate code cs to Ihe end user sita so 
[S3] The certificate code CS arrived at tiie end 
user's site is writtai into a predetermined storage 
region In tiie MO disa 

[&q For a verification puipose. another certificate 
code CS' Is generated localiy at tiie end ussr's site, ss 
based on tiie storage medium identifier IDk and 
softwan» identifier SIDI, which vvere sent to tiie cen- 
tral sita 

[S5] The locally generated certificate code CS' is 



compared wrth the otiier certificate code CS stored 
in the MO disc. 

[S6] According to Ihe result of tiie comparison 
between CS and CS\ the process proceeds in dif- 
ferent ways. If the two certificate codes are found 
identical, tiie process goes to the next step S7. Oti> 
envlse, tiie process is tennlnated wrlthout copying 
tiie software program from tiie CD-ROM to tiie MO 
disc. 

[87] An encrypted software data fDe having the soft- 
ware identifia' SIDI is copied from the CD-ROM to 
the prepared MO disc. 

FIGS. 3(A} and 3(B} show the structure of records 
in a CD-ROM and an MO disc, respectiveiy. The struc- 
ture of a CD-ROM 1 1 is shown In Fia 3(A), where a 
plurality of copyrighted software progranr^ and a man- 
ager application program MA are recorded. The copy- 
righted software programs, stored In encrypted form, 
have their respective software identifiers SIDi 
(/-1,2 n). TTie manager application program MA gov- 
erns the operations to copy the copyrighted software 
programs from a CD-ROM to an MO disc. Upon request 
for software copying, this program wQI be loaded into 
and executed on a terminal station (e.g., a personal 
computer) located at the end user^ sita That Is, tiie 
n^nager application program MA Is responsible for tiie 
steps executed at ttie end usei^ site as part of tiie pro- 
cedure shown In FIG. 2. 

FIG. 3(B) is a cfiaoram showing tiie record structure 
of tiie MO disc 12, where a storage medium Identffier 
IDk [k=^ .2,....m) is recorded. Altiiough max part of the 
MO <Ssc 1 2 can be freely written and/or read by tiie end 
users, tiie storage meefium identrfier IDk is written in a 
special part of tiie disc tiial to not rewritaUa This stor- 
age medium identtiler IDk may be a serial number 
which is assigned uniqudy to each medium at tiie fac- 
tory before shipment 

Ttie tollowing description will present a more 
detailed procedure of duplicating copyrighted software 
from a CD-ROM to an MO disc wHh reference to FIG. 4. 

FIG. 4 shows a software copying procedure, which 
Is roughly divided Into two parts: steps at tiie end user^ 
site (tiie righthalf of Fia 4) and steps at tite central site 
(ttie left half of FIG. 4). At ttie end user's site, a terminal 
station (ag., a personal computer) perfomns actual data 
proceed jobs pertaining to tiie software copying, 
while several devices located at tiie central site man- 
ages license for the software copying. Those two sites 
are interconnected by a communication Hne or a deliv- 
ery channel. 

The terminal station at tite end user's site is 
equipped wtth a CD-ROM drive and an MO drive (botii 
not shown). The CD-ROM 11, serving as a master stor- 
age medliAn tiiat stnes copyrighted software programs, 
is inserted in the CD-ROM driva On the otiier hand, tite 
MO disc 12 serving as a target storage meefium is 
loaded in the MO driva The subject software prc^i^am In 
tiie CD-ROM 11 has a software identifier SIDi, and tiie 
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MO disc 12 owns its unique storage medium identifier 

IDk, 

First of all, at the end user*6 tennir^ station, the 
noanager application program MA in ttie CD-ROM 11 
starts with acoepting a request from the end user for 0 
copying a specie software program. Upon this request, 
tiie manager appOcation program M4 reads out the cor- 
responding scrftware identifier SiDi from the CO TOM 

11 as well as extracting the storage medium Identifier 
IDklfom the MO disc 12. Those two identifiers are then io 
sent to the software ficense center along with a request 
message containing information necessary for a soft- 
ware licme. 

The central ^ receives the atx3va-descrlbed 
request from the u^ and saves the contents of the i6 
request into a user profile database 13. The received 
software Identifier SIDf and storage medium Identifier 
IDk are euppOed to a signature processor 14, where the 
Identifiers SIDI and IDk are compressed Into a certffl- 
cate code CS. In this compression proems, a certif ica- so 
tlon key KEYc operates as a prfvate l«y (or secret l®y). 
The produced certificate code CS w91 serve as what is 
refen-ed to as the "signature" in FIQ. 1. The certification 
l«y KEYc used by the signature processor 14 is then 
directed to an encryption unit 15 to be encrypted witti a 25 
user toy KU, thus producing a dpherteoct EKU(KEYc). 
The certificate code CS generated by the sigrature 
procmor 14 and the ciphertext EKXJQ<EYo} generated 
l3y the encryption unit 15 are finally transmitted together 
with the central site identifier lEDc to tiie end user's site so 
as a re^3onse to the request f^om th e end user. 

At the end user^ site, the terminal station extracts 
the certflicate code CS and dphertext EKU(KEYc} \ram 
among the Inlbnnalion received from the central site 
and writes them into the target MO disc 12. The certif i- ss 
cate code CS and ciphertext EKU(KEYc) recorded in 
the MO d^ 12 are retrieved and sent to the manager 
application program. 

Then, in the terminal station, a s^nature verifica- 
tion process starts. Rrst, a decryption unit 16 decodes 4o 
the dphertHxt EKU(KEYc) using the user key /Ca and 
extracts the certification key KEYc, which was once 
encrypted at the central site. Out of the software identi- 
fier SIDf retrieved from the CD- ROM 1 1 and the storage 
medium identifier IDk reb'leved ftom the MO disc 12, a 4b 
signature processor 1 7 generates a certificate code CS' 
for verification at the end us^ sita The certification 
ksjf KEYc decrypted by the decryption unit 1 6 is used in 
tii^ CS' generation process. Then, a oonparator 18 
compares the certificatB code CS written In the MO c&c so 

12 and the certificate code CS' generated by the signa- 
ture processor 17. If the comparison result Micates 
Gotnddence of the two codes CS and CS', a switch 19 
win enable the software program having tiie software 
identifier SIDI to be written Into the target MO disc 1 2 In 55 
the form of encrypted datGL 

Tha following descr^jtion wil present a typical func- 
tion adileved tiy the signature processor 14 at the cen- 
tral site and the signature processorl 7 at ttte end user*6 



site. 

Fia 5 Qlistrates the structure of the signature proc- 
essor, which oontists of an exclusive OR togic 21 and 
an encryptbn unit 22. The exclusive OR togic 21 per- 
Ibmis an exclusive OR operation on a software identifier 
SIDi, storage medium identifier IDk and certificate code 
CS. The encryption unit 22 encrypts the output of the 
exclusive OR kigic 21 with the certilication key KEYcio 
produce the certificate code CS. Those two elements 

21 and 22 thus constitutes a hash function operator. 

In a t2lock-k3y-blodc manner, the encryption unit 22 
encrypts the software identifier SIDI and storage 
medium identifier IDk with the certification key KEYc. 
The encrypted output data is fed back to tiie InfUJt of the 
exclusive OR togic 21 and directed to tiie exclusive OR 
operation witii tiie next btock data. The output of the 
occlusive OR logic 21 then encrypted by the encryp- 
tion unit 22 again. The above openations are repealed 
until the final tHodk is entered, and the result of tiib 
cydic oon)putation will come out of the encryption unit 

22 as a certificate code CS wfien the encryption of tiie 
final block Is finished. 

Tiie licmed software program is copied to tiie MO 
disc 12 in the way desalted above, but the end user 
cannot mn it as is, because the program is still 
encrypted. The following description wfll explain how n 
will be executed. 

Fia 6 shows a procedure of executing a duplicated 
software program. The MO disc 12 conrtains the certifi- 
cate code CS, ciphertext EKU(KEYc), storage mecfium 
identifier IDk, and software kJentifler SIDi, as well as 
storing the duplioOed software in the form of encrypted 
data EKdfDATA). Thte encrypted data EKd(DATA} was 
encrypted with a key Kef before tiie software was 
stanped to the CD-ROM, and tiie encryption ksy Kd'e 
under the management of tiie manager applk»tion pro- 
gram. 

The terminal station at the end user^ site first 
retrieves from the MO disc 12 the certificate code CS, 
ciphertext EKU(KEYc}, Storage mecfium identifier IDk, 
and software kienttiler SIDL The decryption unit 18 
decrypts the dphertext EKU(KEYc) witii tiie user Ic^ 
Kl/, thereby extracting tha certification key KEYc. Then 
the signature processor 17 gen^ates another certifi- 
cate axle CS' from tiie software identifier SIDI and stor- 
age mediiffn identifier IDk retrieved from the MO disc 
12, using tiie certification key KEYc decrypted by tiie 
decryption unit 16. Sut)seciuen1ly, tiie comparator 18 
compares tiie c&lificate codes CS and CS'. If the com- 
parison indicates coincidence of tiie two codes CS and 
CS\ tiie switch 19 will altow an encrypted data file 
EKd(DATA) containing the encrypted software program 
to pass tiirough to a decryption urtit 25. The decryption 
unit 25 decrypts the encrypted data file EKci(DATA) 
using the key Kd Uiat Is owned by the manager appltea- 
tion program, time restoring the original plaintext data 
f fle DATA, The contents of this decrypted data fQe DATA 
can be executed by tiie central processing unit (CPU) 
after bdng loaded to the memory, botii of which are part 
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Of a CPU/memory unit 26 in the terminal station. 

Next a seoond ambodiinent of the prosent Inven- 
tion will be described below with reference to FIQS. 7 to 
10. In the second enrtijocfiment each software program 
recorded In a CD-ROM has a software Identifier DID 
uniquely ass^ned thereto; and its corresponding data 
ffle Data Is stxved as an encrypted ctata fDe EKd(Data). 
TTiis encrypted data file EKd(DATA) has been created 
with a master medium conversion key Ka generated 
from the software identifier DID and a master key KM, 
which is managed at a software license center. The sof^ 
ware license center Is In charge of licensing of the right 
to copy their commercial software products. Regarding 
ftw target starage media, the user's MO disc has a 
serial numt^er serving as a borage medium identtfier 
Mid, 

FIQ. 7 Is a flowdmrt showing a ^iftware duplication 
process perfbnned urvler the above assumption t)y the 
software copying system of tiie seoond emt)odlment 

To Obtain a copy (rf a ^yflware program distritnjted 
In a CD-ROM, It Is necessary to go through the following 
seven steps: 

[S11] TTie storage medium IdentHier Mki recorded 
in the target MO d^ and the software Identtfier 
DID of ttie subject software program in the CD- 
ROM are sent from the end user's site to the soft- 
ware Gcense center, which controls the license to 
copy the «]ftware produds. 
[S12] At the software license center, it is tested 
whether the software Identifier DiD Is registered 
therein or not 

[S13] TTie storage medium identifier Mid and soft- 
ware identifier DID are encrypted witti the master 
tey KM managed in the software Gcense center, 
thus generating a storage medium oonverdon key 
Ku and master nrfecSum conv^on key Ka, respec- 
tivelyL 

[S14] A ciphertext EMid{f<u,Ka) is generated by 
encrypting those storage medium and ma^ 
medium conversion keys KusndKa using the stor- 
age medium identifier Mki. The ciphertext 
EMki(Ku,Ka) Is sent to the end user^ site as a 
response message to the reQuest 
[S15] The Old user^ sHe obtains the storage 
medium conversion key Ku and master medium 
conversion key Ka by decrypting the received 
ciphertext EM}d(Ku,Ka} with tite borage medium 
identifier Mid, while storing a ciphertext EMic^Ku), 
MO disc-related part of the dphertsKt 
EMki(KutKa), without attempting decryption. 
[S16] Witii the master medium conversion tey Ka 
obtained In step S15, the encrypted data fDe 
EKd(D&ta) in the CD-ROM which oOT^ponds to 
tiie software Uentif ler DiD Is decrypted to restore 
the original plaintext data file Oafa. 
[S17] The F^ntexl data file Data is encrypted 
ac^n with the storage medium converebn key Ku 
obtained in step 315, and tiie encrypted ctetafile is 



stored into the MO cfisc, tiius finalizing tiie software 
dupDcation procesa 

The above-described «>ftware dupGcation prcce- 

s dure will be discussed In ntore detail below. In the sec- 
orxl embodiment of the present invention, the 
procedure starts at the end user^ sfte with sending a 
requeti to the software license center, which part of tiie 
procedure consists of only two things as f6lk3ws. One is 

10 to read out the storage medium Mentif ier Mid of the tar- 
get MO disc and the software identifier DID of the sub- 
ject software stored In tiie CD-ROM, and tiie otiier Is to 
send these identifiers Mid and DiD to the software 
license cerrter. TTie following description skips those two 

75 Steps and wiD begin with tiie steps executed by the soft- 
ware license center whidi has received tiie above 
request from ttie end usBfs slt& 

FIQ. 8 explains tiie procedure executed at the 
ware license center. Upon receipt of tiie two identifiers, 

20 Mid and DID, from tfie end user^ site tivough a com- 
munications One, tiie software license center Ibnvards 
the storage mecfium kientifier Midlosn encryption unit 
31 having tiie mast^ key KM under the control of the 
center, as weD as supplying tiie software kJentifler DiD 

25 to a comparator 32. The encryption unit 31 encrypts tiie 
storage medium Identifier Mid using tiie master key KM 
to produce a storage medium conversksn key Kl/. Tiie 
comparator 32, on tiie otiier hand, searches a contents 
identifier file 33, comparing each entry wftii the received 

30 software identifier DID to verify its validrty. if tiie 
received software Identifier DiD coincides witii tiie one 
registered in tiie contents identifier file 33, tiie compara- 
tor 32 doses a switch 34, ttius alkwtng tiie software 
Identifier DiD to enter to an encryption unit 35 having 

55 tiie ma^er key KM. The encryption unit 35 encrypts tiie 
software IdentiierD/D witii tiie master key KM to create 
a master medium conversion key Kia. The storage 
medium converston key Ku produced by the encryption 
unit 31 and the master medium conversksn key Ka pro- 

40 duced lay the encryption unit 35 are then entered to an 
encryptk}n unit 36 for further encryption using the stor- 
age mecfium identifier Mid. A ciphertext EMid(^,Ka} 
produced by tiie encryption unit 36 transferred to the 
requesting end loer through the communications Ene. 

4s Upon connpletion of tiie above processing steps, a 
request for trilling is issued to tiie user profile datatese 
37 and tiie cost is charged to tiie requesting end user. 

RQ. 9 explains the procedure at the end user^ site 
after the above^iescrilaed process is finished at tiie soft- 

50 ware license center. TTie ciphertext EMki(Ku,Ka) 
received from the software license center is applied to a 
decryptkm unft 51. while a ciphertext EMid(Ku) as part 
of tiie received dphertaxt EMk^Ku^Ka) Is written Into a 
predetermined region 41 in the target MO cSsc 40. TTie 

^ dacryptksn unft 51 decrypts tin c^ertaxtEA^J^KZ/.Kia; 
using tiie storage mecf urn id&nifier Mki extracted from 
tiie MO disc 40, thus restoring the original storage 
medium conversion key KZ/ and msGter medium oonver- 
Gon key Kia. This restored ma^ medium conversion 
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key Ka is then entered to a decryption unit 52 as its 
decryption key, while itie restored storage medium oon- 
verelon kB/Ku\s entered to an encryption unit53 as itG 
encryption key. TTie decryptbn unit 52 retrieves the 
encQrpted data fOe EKa(Data} that corresponds to the c 
software id&ttrfier 0/0 in the CD-ROM 60 and decrypts 
It with the rmter medium conversion Ka, thus 
restoring the ordinal plaintext data file Data, This data 
file Data is encrypted again by the en^^ption unit 53 
with the storage medium conversion key fQj, and the ro 
resultant ciphertext EKufDstsO written into the target 
MO disc 40. 

In the way descrjk>ed above, the ciphertext 
B<u(D^) is written Into the MO disc 40 through the 
process using two conversion keys derived from a is 
unique identifier recorded in the MO disc 40 and a msB^- 
ter key under the control of the software license center. 
Next, a procedure to execute the enoypted data file 
B<u(D^) will be descrltjed bekiw. 

FIG. 10 illustrates a procedure of executing the soft- so 
ware program that is duplicated as a data file In the MO 
disc 40. The dphertaxl EMid{Ku) Is stored in a section 
41 as part of the rewritable r^ton in the MO disc 40. 
while the storage medium Mentlfler Mid is recorded in a 
non-rewritable region 42. The encrypted data file 2ff 
EKufData) Is stored In a section in the remaining rewri- 
table r^ton. When the program in the encrypted ctecta 
file EKu(Dat€0 is called up for execution, the storage 
medium Identifier Mki and dpherteod EMld(Ku) are 
retrieved from the MO disc 40 and entered to a decryp- so 
tion unit 54. U^ng the storage medium Identifier Mfd as 
the deoyption key, the decryption unit 54 decrypts the 
dphertaxl EMld(Ku) to restore the storage medium con- 
version key Another deoypdon unit 55 then 
decrypts the encrypted data file Ei^fData) retrieved as 
from the MO disc 40, using the storage mecfium conver- 
sion Kt; as the decryption key. The resultant plain- 
text data file Dala win be SKScuted after being loaded to 
the main memory of a personal computer that is work- 
ing as the end user's tenninal station. 4o 

TTie above cfiscusslon will be summarized as fol- 
lows. Aocordihg to the present invention, the software 
copying system comprises signature generating means, 
disposed at the central ^ for generating a signature 
from Information that Identifies the target storage 4s 
medium and subject data stored in the master medium. 
The system also convrises. at the end user's site, sig- 
nature wrftJng means for writing the signature generated 
by the signature generating means into the target stor- 
age medium, signature generating/comparing means bo 
for comparing a agnature that is locally generated at the 
end user's site with the sgnature written in the target 
storage mediun, and data copying means for copying 
the subject program to the target storage medium 
according to the result of comparison. Therefore, the bs 
central ^e only has to issue a ^gnature associated with 
the tdentlfler of the target storage medium, and there is 
no need to manage any Gcense-spedfic frrfomiatkDn in 
ctose liaison with factories of the dotage medium ntan- 



ufadurers. Ttiis also eliminates the stock control in the 
manufacturers and retailers for the storage media to be 
used in software copying. 

The foregoing is considered as illustrative only of 
the principtes of the present Invention. Further, since 
numerous modifications and change wOl readDy occur 
to those sMIled In the art It Is not de^red to limit the 
invention to the exact construction and appOcations 
shown and described, and accordingly, all suitable nrxxi- 
ifk^tions and equivalents may be regarded as falling 
within the scope of the invention in the appended claims 
arxi their equivalents. 

Claims 

1. Asoflware copying system for dupGcating software 
recorded In a master borage medium (1 ) to a target 
storage medium (3) in a legitimate manner 
achieved through communkatlons between an end 
user*^ site that is requesting a license of copying 
the software and a central site ^ that manages the 
licer^ ths software copying system comprising: 

contents kientif ier reading means (2) for read- 
ing out a first identifier (SIDi} from the master 
storage medium (1), said fvst Mentifiers (8IDi) 
being uraquely assigned to the software pro- 
gram recorded in the master storage medium 

(1) : 

storage medium identifier reeding means (4) 
tor reading oid a second MentSier (IDI^ from 
the target storage medium (3), the second 
kjentlfier (IDI^ being uniquely assigned to the 
target storage medium (3); 
ognature gmierating means (6), disposed at 
the central site (5), for generating a f ir^ signa- 
ture from the fnet identifier (SIDQ read out by 
said contents klentifier reacfing means (2) and 
the 8&x>nd identifier (IDI^ read out by said stor- 
age medium identifier reading means (4), the 
first signabira serving as a certtflcate of a 
license to copy the software program; 
signature writing means (7) for writing the first 
signature generated by said sigr^ure generat- 
ing means (6) Into the target storage medium 

(3) : 

signature generating/comparing means (8) fbr 
generating a second signature, for a verlfna- 
tton purpose, from the first idaitrfier (SIDi) read 
out by raid contents identifier reading means 

(2) and the second identifier (IDI^ read out by 
saxj storage mediim identtfier reading means 

(4) , and comparir^ the ffrst signature stored In 
the target storage medium (3) with the second 
signature; and 

data copying means (9) for retrieving the soft- 
ware program out of the masto- storage 
medum (1) and writing the software program 
into the target storage medium (3), when the 
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fiiBl and second identrfidfB turned out to be 
identical as a result off ttie comparison per* 
formed by satd signature generating/conipar- 
ingmeans^S). 

s 

2. A software copying system accofding to claim 1, 
wherein said signaturs generating means (6) com- 
prises 

^nature processing means (1 4} for encrypting io 
the fDBt identifier (SIDi) read by said contems 
identifier reading means (2) and the second 
identifier (IDI^ read by eiid storage mecfium 
identifier reacting means (4) using a certifica- 
tion key (KEYc) managed at the central site (5). is 
to produce a certificate code (CS) that serves 
as the first signature, and 
encrypting means (15) for encrypting the certi- 
fication key (KEYc) using a user toy (KU) reg- 
istered at the central site (5), and sendng the 2o 
snoypted certification ksy (EKU (KEYc)} for 
use in said signature generating/bomparing 
means (8) to generate the second signatura 

3. A software copying system according to claim 2, ss 
wherein said signature generating/comparing 
means (8) comprises 

decrypting means (18) for decrypting the 
enoypted certification keff (EKU(KEYc)) using so 
the user key (KU), which Is registered at the 
central site (5), to produce a decrypted certifi- 
cation heyi 

certificate code generating means (1 7) for gen- 
erating another certificate code (CS*) for verifi- as 
cation, wHch will serve as tiie second 
tignature, k>y enaypting the first identifier 
(SIDQ read t^ said contents identifier reading 
means (2) and the second IdentrHer (I Dig read 
by said storage medium identifier reading 4o 
means (4) using the decrypted certification key 
(KEYc), and 

comparing means (1 8} for comparing the certlf- 
i^te code (CS*) for verification generated by 
^d certificate code generating mears (17) 4S 
wfth the certificate code (C^) stored as the first 
signature in the target storage medium (3). 

4. A scrftware copying method tor duplicating s(^tware 
recorded in a master storage medium (1 ) to a target so 
storage medium (3) in a legitimate mann^ 
achieved tfwough communications between an end 
user^ site that is requesting a license to copy the 
software and a centrai site (5) ttiat manages tiie 
Dcense, the software copying method comprising ss 
tlie steps of: 

sending from the end user^ site to the central 
site a storage medium identifier (IDI^ that is 



uniquely assigned to the target storage 
medium (3) and a contents identifier (SIDi) that 
is unk:|uely assigned to a sutjed data file, 
together with a message requesting a ^yftware 
license; 

generating at the centra) site (5) a first certifi- 
cate code (CS) from the storage medium iden- 
tifier (iDI^ and the contents identifier (SIDi) 
received from tiie end L»er site, through a sig- 
nature generating process using a certification 
key (KEYc) that is managed at the central site 
(S): 

generating at the central site (5) an encrypted 
certification key (EKU(KEYc)) by encrypting 
tiie certification key (KEYc) using a user key 
(KU); 

sending from the central site (5) to tiie end 
user's site the first certificate code (CS) and tiie 
encrypted certification (EKU(KEYc}); 
writing at the end user^ site tiie first certificate 
code (CS) and the encrypted oertfflcation key 
(EKU(KEYc)) received from the central site (^ 
into the target storage mecSum (3); 
obtaining at tiie end user's site a decrypted cer- 
tification key (KEYc) by decrypting tiie 
encrypted certification key (EKU(KEYc}), 
whi^ is stored in the taiget Mrage medium 
(3), using the user key (KU); 
generating at tiie end user's site a second cer- 
tification code (CS*) for a verification purpose 
by applying a s^nature generating process 
using the decrypted certification key (KEYc) to 
the storage medium Identifier (IDI^ and tiie 
contents identifier (SIDQ; 
comparing tiie first certificate code (CS) stored 
In the target storage medium (3) witii tiie sec- 
ond certificate code (CS*) titat is generated at 
tiie end user's site; and 
reading out the sutiject data file stored in the 
master storage medium (1) and writing the sub- 
ject data file Into the target storage medium (3) 
if tiie first and second certificate codes 
(CS.CS') coincide with each other. 

A software copying system for duplicating software 
recorded In a master storage medium (60) to a tar- 
get storage medium (40) in a legitirraie manner 
achieved through communicatfons between an end 
usa's site that is requesting a license to copy tiie 
software and a central site (5) that manages the 
license, tiie software copying system conrprising: 

contents identifier reading means (2) for read- 
ing a first identifier (DID) uniquely assigned to a 
software product, which are both reooided in 
the master storage mecfium (60); 
storage medium kfenttfier reading means (4) 
for reading a second kfeniSier (MkJ) unk^uely 
assigned to tiie target storage medium (40) 
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and recoitled th^ein; 

cx>nvBr&ion key generating maans (31 , 35, 36}, 
disposed at the central site (5), for generating a 
storage medium conversion key (Ku) fromHie 
second Identifier (Mid) said contents e 

identifier reatSng means (2), generating a mas- 
ter medium conversion key (Ka) from the first 
identifier (DID) read by said storage medium 
identifier reading means (4), and generating an 
encrypted storage medium conversion key io 
(EiyAid(Ku)) and an encrpyted master medium 
conversbn key (^ki(Ka}) by respectivety 
encrypting the storage medium conversion key 
(Ku) and the master medium conversion key 
(Ka) using the seond RJentifi^ (Mid); is 
conversion key writing means for writing the 
encrypted storage medium conversion key 
(EMid(Ku)) generated lay said conversion k^ 
generating means (31, 36) into the target stor- 
age medium (40); so 
conversion key decryptir^ means (51) for gen- 
erating a decrypted storage medium oonver- 
sk)n key (Ku) and a decrypted master medium 
conversion kay (Ka) by respectively decrypting, 
using the second identifier (iMid) read said zs 
storage medium identifier means (4), the 
encrypted borage medium conversion key 
(EMid(Ku}) and the encrypted master medium 
conversion key (EMid(KB}) generated by said 
conversion key generating means (31 , 35, 36); 30 
data decrypting means (52) for reading out the 
target data foe (EKa(Data)) recorded in the 
master storage medium (60) and producing a 
plaintext data fOe (Data) by decrypting the tar- 
get data file (EKa(Data)) using the decrypted as 
master medium oonveraon key (Ka) generated 
by said conversion key decrypting means (51); 
and 

data writing means {53) for producing an 
encrypted file (EKu(Data)) t^ encrypting 40 
the plaintext ctata fOe (Data) using the 
decrypted storage medium oonveraion key (Ku) 
generated by said oonverdon key decrypting 
tneem (51) and writing the encrypted data file 
(EKu(Dala)) Into the target storage medium 4s 
(40). 

6. A software copying system ac^rding to claim 5, 
wherein said confverak)n key generating means (31 , 
35, 36) comprises bo 

first encrypting means (31) for generating the 
storage medium conversion key (Ku) by 
encrypting the second identifier (Mid) read out 
by saM contents Identirier reading means (2), 5S 
uwg a master key (KM) that is managed at the 
central sfto (9; 

second encrypting means (35) for producing 
the master medium conversion key (Ka) 1^ 



encrypting the firtf identifier (DID) read out by 
sud storage medium identtfier readir^ mesm 
(4), using the master ksy (KM); and 
third encrypting means ^) for producing the 
encrypted storage medium oonverston key 
(EMid(Ku)) and the encrypted master medium 
conversion key (EMid(KB}) tiy en(^yptlng the 
storage medium conversion key (Ku) and the 
master medium oonverston key (Ka) using the 
second Identifier (Mid) read out by saki con- 
tents identifier reading means (2). 

A software copying system tor duplicating a subject 
data file recorded in a nrmster storage medium (60) 
to a target dorage medium (40), the subject data 
file being encrypted with a nwter medium conver- 
sion key (Kb) produced from a contents identifier 
(DID) to identHy software pnoducts and a metier 
key (KM) managed at a central site (5) whtoh deab 
licenses to copy software pnxluds, the software 
copying system comprising the steps of: 

sending from the end user^ site to the central 
site (5) a contents identflier (DID) that is 
unique^ assigned to the subject data file and a 
storage medium Identifier (MicQ that is uniquely 
ass^ned to the target storage medium (40); 
producing at the central ^ (5) a nu»ter 
medium conversion key (Kb) and a storage 
medium oonvertion k^ (Ku) by respectively 
encrypting the contents kdentMer (DID) and the 
storage medium identifier (MidD using a master 
key (KM) managed at the central site (5); 
generating an encrypted storage medium con- 
version key (EMid(Ku)) and an encrypted mas- 
ter medium oonver^n key (EMd(Ka)) by 
respectively encrypting the storage medium 
conversion key (Ku) and the master medium 
converak»n key (Ka) using the storage medium 
identifier (Mid); 

sending from the central site (5) to the end 
usei's site the encrypted master medium con- 
version key (EMId(t^)) and Ihe encrypted stor- 
age medium conversion key (EMid(Ku)); 
writing the encrypted stor^ medium oonver- 
ston key (EMid(KLi)) Into the target storage 
mecfium (60); 

generating a decrypted storage medium con- 
version key (Ku) and a decrypted master 
mecfium converdon key (Ka) by respectively 
decrypting the encrypted storage medium con- 
veraion key (EMid(Ku)) and the encrypted mas- 
\w medium conversion key (EMkl(KB)) using 
the storage medium identifter (Mid); 
decrypting the sufc^ect data file (EKapata)) 
recoRled in the master storage medium (40) to 
produce a plalntaxt data file (Data) tiy decrypt- 
ing the target data fHa (EKa(Dala)) using the 
decrypted master medium conversion key (Ka); 
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pfodudng an encrypted data fOe (EKu(Dala)) 
b/ encrypting the plaintext data file (Data) 
using Ihe decrypted storage medium conver- 
donfc^ (Kij];and 

writing the enoTpted data file (EKLj(Dala)) Into 
the target storage medium (60). 
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